UK public sector data breach fines reach 2 million pounds

Thales : 06 November, 2012  (Technical Article)
Costing the UK public sector as much as 2 million pounds in fines, information security is proving to be a financial headache for non-commercial organisations.

With public sector organisations having had to pay out over £2m in fines for information security infringements over the past 18 months, Ross Parsell of Thales UK has made the following comments.

“The news that the Information Commissioner’s Office has fined public sector organisations over £2m in the last 18 months has shown how basic lessons on information security are not being learned. A perimeter-based approach to security based around firewalls and defensive controls around the IT network is no longer sufficient. Organisations need to rethink their approach to information security and take care to classify and protect data itself according to the sensitivity of that information.

“‘End-to-end information security’ is a useful catch-all term to describe a strong security posture. However, the public sector needs to consider the status of different types of data in order to take the steps to adequately protect that data. Data can be categorised in three ways for this purpose:

“‘Data at Rest’, the inactive data physically stored in databases, spreadsheets, data warehouses and mobile devices. From a security standpoint, data at rest is vulnerable. It is imperative that public sector organisations protect sensitive data against brute force attacks with strong encryption for when authentication methods like usernames and passwords fail.

“‘Data in Transit’ is data transferred between two nodes in a network. In virtually all cases, the network cannot be trusted and the data must be protected with network encryption, supplemented by SSL certificates, Internet Protocol Security (IPSec) and other precautions where relevant.

“Finally there is ‘data in use’, data being used in an in-memory state. Sensitive data should be protected by application encryption and exposed on a need-to-know basis, encrypted as soon as possible and decrypted only when necessary. This selective approach can only be performed at the application level.

“By classifying data rather than systems for different levels of protection, public sector organisations can protect themselves from the indignity and criticisms of security breaches, as well as the associated data breach financial penalties. The threats to data theft, both internal and external and by either human error or malicious intent are costly and dangerous. Government has a duty to protect this information and the Public Services Network is a major step to fulfilling this duty.”

   © 2012 ProSecurityZone.com